OpenBSD Network Shell

NSH is a CLI intended for OpenBSD-based network appliances. It replaces ifconfig, sysctl, and route with its own simple command language, and consolidates configuration for other daemons into one place, effectively replacing /etc/netstart and parts of /etc/rc for appliance-style usage. NSH presents the user with a vaguely Cisco-like interface with all configuration in one easy to read text list. It also gives the user access to system information and diagnostics. NSH replaces the userland commands that handle these functions, and talks directly to the OpenBSD kernel or control utility for daemon functionality. Supported external utilities: pf, ospfd, ospf6d, bgpd, ripd, ldpd, relayd, ipsecctl, iked, rtadvd, dvmrpd, sasyncd, dhcpd, snmpd, sshd, ntpd, ifstated, tftp-proxy, ftp-proxy, tftpd, npppd, resolv.conf, inetd, smtpd, ldapd, and ifstated.

Recent releases

Release Notes: Full routing table support across all supported commands, daemons, and routing configurations. All daemons and commands can now be used in any routing table. Multiple daemons can be configured to run, each within their own routing table with non-overlapping configuration. Full IPv6 support in interface and routing configuration. Use of SQLite as a back-end for temporal data. Support for tftpd, tftp-proxy, ospf6d, and npppd in the ctl handler. CARP and pfsync work properly now.

Release Notes: This release adds an ifstated handler, fixes the interface start order, and organizes configurations to start interfaces in the same order as /etc/netstart (this will fix problems for some trunk and carp users).

Release Notes: Command completion for first level and most second level commands. ftp-proxy, sshd, and inetd handlers (no options yet, just on/off) and a resolv.conf handler (with local-control or dhcp-control.) Various bugfixes. Daemon controls including SSH, NTP, BGP, and OSPF are now production-tested and considered reliable.

Release Notes: Full support was added for BGP, OSPF, RIP, IPsec,
DHCP, DVMRP, SNMP, NTP, relayd, and sasyncd. New
support was added for route labels, interface
groups, group attributes, vlan priority, arp show,
and arp set. Significant code cleanup was done.
Basic paging support was added for show run and
show start.